diff --git a/lib/security/csp-config.ts b/lib/security/csp-config.ts
index 7cf966d69..aa3864f3b 100644
--- a/lib/security/csp-config.ts
+++ b/lib/security/csp-config.ts
@@ -41,12 +41,12 @@ export function getCSPConfig(request: NextRequest): CSPConfig {
 // Enhanced CSP policy with Cloudflare Insights support
 const policy = [
 "default-src 'self'",
- "script-src 'self' 'nonce-" + nonce + "' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com",
+ "script-src 'self' 'nonce-" + nonce + "' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com https://checkout.razorpay.com",
 "style-src 'self' 'nonce-" + nonce + "' 'unsafe-inline' https://fonts.googleapis.com",
 "font-src 'self' https://fonts.gstatic.com",
 "img-src 'self' data: https: blob:",
- "connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co",
- "frame-src 'none'",
+ "connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co https://api.razorpay.com",
+ "frame-src 'self' https://checkout.razorpay.com",
 "object-src 'none'",
 "base-uri 'self'",
 "form-action 'self'",
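Review bot: `frame-src` goes from `'none'` to `'self' https://checkout.razorpay.com`, but nothing in this hunk needs same-origin frames; unless a same-origin iframe exists, the tighter value is `"frame-src https://checkout.razorpay.com",`, and if `'self'` must stay, a comment should name the frame it serves. The header comment `// Enhanced CSP policy with Cloudflare Insights support` is now stale and should name the payment integration too, e.g. `// CSP policy: Cloudflare Insights plus Razorpay Checkout (script, iframe, API calls)`. Note that `script-src` keeps `'unsafe-inline'` and `'unsafe-eval'` next to the nonce: browsers that honour the nonce ignore `'unsafe-inline'`, but `'unsafe-eval'` still applies to every allowed origin including the newly added one. Because Checkout's full set of runtime origins is not visible here, trying the policy in Report-Only mode (or adding `report-to`) would surface any blocked request before it interrupts a payment. getCSPConfig starts before this hunk.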
@@ -77,12 +77,12 @@ export function applyCSPHeaders(response: Response, cspConfig: CSPConfig): Respo
 export function getDevelopmentCSP(): string {
 return [
 "default-src 'self'",
- "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com",
+ "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com https://checkout.razorpay.com",
 "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
 "font-src 'self' https://fonts.gstatic.com",
 "img-src 'self' data: https: blob:",
- "connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co",
- "frame-src 'none'",
+ "connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co https://api.razorpay.com",
+ "frame-src 'self' https://checkout.razorpay.com",
 "object-src 'none'",
 "base-uri 'self'",
 "form-action 'self'",
diff --git a/package-lock.json b/package-lock.json
index f3ff6bd5b..00913170a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,6 +4,7 @@
 "requires": true,
 "packages": {
 "": {
+ "name": "codeunia",
 "dependencies": {
 "@google/generative-ai": "^0.24.1",
 "@radix-ui/react-avatar": "^1.1.10",
@@ -6258,9 +6259,9 @@
 }
 },
 "node_modules/axios": {
- "version": "1.11.0",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.11.0.tgz",
- "integrity": "sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA==",
+ "version": "1.12.0",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.0.tgz",
+ "integrity": "sha512-oXTDccv8PcfjZmPGlWsPSwtOJCZ/b6W5jAMCNcfwJbCzDckwG0jrYJFaWH1yvivfCXjVzV/SPDEhMB3Q+DSurg==",
 "license": "MIT",
 "dependencies": {
 "follow-redirects": "^1.15.6",
diff --git a/package.json b/package.json
index 648814606..8d9de1175 100644
--- a/package.json
+++ b/package.json
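Review bot: The Razorpay origins are now hand-copied into `getDevelopmentCSP` as well as `getCSPConfig` (and, judging by this diff, `vercel.json`), so the next allow-list change has to be repeated three times and the copies will drift. Within this file the two arrays could reference module-level constants such as `const RAZORPAY_CHECKOUT_ORIGIN = "https://checkout.razorpay.com";` and `const RAZORPAY_API_ORIGIN = "https://api.razorpay.com";` instead of repeating the literals. As in the production policy, `"frame-src 'self' https://checkout.razorpay.com"` is broader than the Razorpay-only need this hunk shows; keep `'self'` only if a same-origin iframe actually exists. The array's closing lines and the function's return fall outside this hunk.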
@@ -29,7 +29,12 @@
 "test:local:security": "./scripts/test-ci-local.sh security",
 "test:local:build": "./scripts/test-ci-local.sh build",
 "test:local:vercel": "./scripts/test-ci-local.sh vercel",
- "vercel:setup": "./scripts/setup-vercel-config.sh"
+ "vercel:setup": "./scripts/setup-vercel-config.sh",
+ "lighthouse": "lhci autorun",
+ "lighthouse:local": "lhci autorun --config=lighthouserc.js",
+ "lighthouse:install": "npm install -g @lhci/cli@0.12.x",
+ "lighthouse:test": "./scripts/lighthouse-test.sh local",
+ "lighthouse:custom": "./scripts/lighthouse-test.sh custom"
 },
 "dependencies": {
 "@google/generative-ai": "^0.24.1",
diff --git a/vercel.json b/vercel.json
index 9b3fcc563..df4092904 100644
--- a/vercel.json
+++ b/vercel.json
@@ -73,7 +73,7 @@
 },
 {
 "key": "Content-Security-Policy",
- "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;"
+ "value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://va.vercel-scripts.com https://static.cloudflareinsights.com https://checkout.razorpay.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.supabase.co https://*.vercel.app wss://*.supabase.co https://api.razorpay.com; frame-src 'self' https://checkout.razorpay.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;"
 }
 ]
 }
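Review bot: `"lighthouse:install": "npm install -g @lhci/cli@0.12.x"` installs a floating version range globally, outside package-lock.json, so neither the exact version nor its integrity hash is recorded and each run can pull whatever 0.12 patch release is current at the time. Pin the exact version you tested and, preferably, add `@lhci/cli` as a devDependency run via `npx lhci autorun` so the lockfile covers it; a global install launched from an npm script also writes outside the project and may need elevated permissions on some machines. The `lighthouse:test` and `lighthouse:custom` scripts point at `./scripts/lighthouse-test.sh`, which is not in the diff as shown, so I cannot confirm it exists or is executable.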
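Review bot: This static header is a third copy of the policy that `lib/security/csp-config.ts` builds per request, and unlike that one it carries no nonce, so its `script-src` is `'unsafe-inline' 'unsafe-eval'` plus an origin allow-list and the added `https://checkout.razorpay.com` does not constrain inline script at all. If both headers reach the browser each policy is enforced independently (a request must satisfy all of them), so the two must be kept in lockstep or this static one retired in favour of the nonce-based header; which one actually wins on Vercel is not visible here. The same `frame-src 'self' https://checkout.razorpay.com` question applies: nothing in this diff shows a need for same-origin frames, so `frame-src https://checkout.razorpay.com` is the tighter value unless one exists.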